Exposing the Internet-Connected Infrastructure of the Cybercriminals Behind the 
Flashpoint Intel Web Site Compromise - An OSINT Analysis 
We've decided to provide actionable intelligence on the Internet-connected infrastructure behind 
the Flashpoint Intel Web site compromise to assist U.S. law enforcement and the 
security industry in tracking down and monitoring the cybercriminals behind these 
campaigns. 


Sample domains known to have been involved in the campaign include: 




Sample responding IPs known to have been involved in the campaign include: 




Related malicious domains known to have been involved in the campaign include: 




Sample malicious MD5s known to have been involved in the campaign include: 


c488a85f4fab76a640db654ac/73cbefc 
6ec96570247729ecd22670e3fa707276 


Sample related responding IPs known to have been involved in the campaign include: 




We'll continue monitoring the campaign and will post updates as soon as new developments 
take place. 


